Windows client guidance for IT Pros to protect against speculative

Page 1 of 4 123 ... LastLast
    Windows client guidance for IT Pros to protect against speculative

    Windows client guidance for IT Pros to protect against speculative

    For Microarchitectural Data Sampling (MDS) Zombieload

    Last Updated: 14 Sep 2019 at 09:23

    Windows client guidance for IT Pros to protect against speculative execution side-channel vulnerabilities

    Applies to: Windows Server 2016 Version 1709, Windows Server 2012 R2 Standard, Windows Server 2012 Standard, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Standard, Windows Server 2008 Service Pack 2, Windows Server 2008 Foundation, Windows Server 2008 for Itanium-Based Systems, Windows Server 2008 Enterprise without Hyper-V, Windows Server 2008 Enterprise, Windows Server 2008 Datacenter without Hyper-V, Windows Server 2008 Datacenter Servers, Windows Server Datacenter 2016, Windows Server Essentials 2016, Windows Server Standard 2016, Windows Server 2016, Windows Server 2008 R2, Windows Server 2008 R2 Datacenter, Windows Server 2008 R2 Enterprise, Windows Server 2008 R2 for Itanium-Based Systems, Windows Server 2008 R2 Foundation, Windows Server 2008 R2 Web Edition, Windows 10 version 1803, Windows 10 version 1709, Windows 10 version 1703, Windows 10 version 1607, Windows 10, Windows 7 Service Pack 1

    Summary

    This article will be updated as additional information becomes available. Please check back here regularly for updates and new FAQ.

    Microsoft is aware of a new publicly disclosed class of vulnerabilities that are called “speculative execution side-channel attacks” and that affect many modern processors including Intel, AMD, VIA, and ARM.

    Note: This issue also affects other operating systems, such as Android, Chrome, iOS, and macOS. Therefore, we advise customers to seek guidance from those vendors.

    Microsoft has released several updates to help mitigate these vulnerabilities. We have also taken action to secure our cloud services. See the following sections for more details.

    Microsoft has not yet received any information to indicate that these vulnerabilities were used to attack customers. Microsoft is working closely with industry partners including chip makers, hardware OEMs, and app vendors to protect customers. To get all available protections, firmware (microcode) and software updates are required. This includes microcode from device OEMs and, in some cases, updates to antivirus software.

    This article addresses the following vulnerabilities:


    Windows Update will also provide Internet Explorer and Edge mitigations. We will continue to improve these mitigations against this class of vulnerabilities.

    To learn more about this class of vulnerabilities, see


    UPDATED ON May 14, 2019: On May 14, 2019, Intel published information about a new subclass of speculative execution side-channel vulnerabilities known as Microarchitectural Data Sampling. They have been assigned the following CVEs:


    Important: These issues will affect other systems such as Android, Chrome, iOS, and MacOS. We advise customers seek guidance from their respective vendors.

    Microsoft has released updates to help mitigate these vulnerabilities. To get all available protections, firmware (microcode) and software updates are required. This may include microcode from device OEMs. In some cases, installing these updates will have a performance impact. We have also acted to secure our cloud services. We strongly recommend deploying these updates.

    For more information about this issue, see the following Security Advisory and use scenario-based guidance to determine actions necessary to mitigate the threat:



    Note: We recommend that you install all of the latest updates from Windows Update before you install any microcode updates.

    UPDATED ON AUGUST 6, 2019: On August 6, 2019 Intel released details about a Windows kernel information disclosure vulnerability. This vulnerability is a variant of the Spectre Variant 1 speculative execution side channel vulnerability and has been assigned CVE-2019-1125.

    On July 9, 2019 we released security updates for the Windows operating system to help mitigate this issue. Please note that we held back documenting this mitigation publicly until the coordinated industry disclosure on Tuesday, August 6, 2019.

    Customers who have Windows Update enabled and have applied the security updates released on July 9, 2019 are protected automatically. There is no further configuration necessary.

    Note This vulnerability does not require a microcode update from your device manufacturer (OEM).

    For more information about this vulnerability and applicable updates , see the Microsoft Security Update Guide: CVE-2019-1125 | Windows Kernel Information Disclosure Vulnerability.

    Recommended actions

    Customers should take the following actions to help protect against the vulnerabilities:

    1. Apply all available Windows operating system updates, including the monthly Windows security updates.
    2. Apply the applicable firmware (microcode) update that is provided by the device manufacturer.
    3. Evaluate the risk to your environment based on the information that is provided on Microsoft Security Advisories: ADV180002, ADV180012, ADV190013 and information provided in this Knowledge Base article.
    4. Take action as required by using the advisories and registry key information that are provided in this Knowledge Base article.

    Note: Surface customers will receive a microcode update through Windows update. For a list of the latest available Surface device firmware (microcode) updates, see KB 4073065.

    Mitigation settings for Windows clients

    Security advisories ADV180002, ADV180012, and ADV190013 provide information about the risk that is posed by these vulnerabilities, and they help you identify the default state of mitigations for Windows client systems. The following table summarizes the requirement of CPU microcode and the default status of the mitigations on Windows clients.

    CVE Requires CPU microcode/firmware? Mitigation Default status
    CVE-2017-5753 No Enabled by default (no option to disable)

    Please refer to ADV180002 for additional information.
    CVE-2017-5715 Yes Enabled by default. Users of systems based on AMD processors should see FAQ #15 and users of ARM processors should see FAQ #20 on ADV180002 for additional action and this KB article for applicable registry key settings.

    Note: “Retpoline” is enabled by default if Spectre Variant 2 (CVE-2017-5715) is enabled. For more information, around “Retpoline”, follow the guidance in the Mitigating Spectre variant 2 with Retpoline on Windows blog post.
    CVE-2017-5754 No Enabled by default

    Please refer to ADV180002 for additional information.
    CVE-2018-3639 Intel: Yes
    AMD: No
    ARM: Yes    		 Intel and AMD: Disabled by default. See ADV180012 for more information and this KB article for applicable registry key settings.

    ARM: Enabled by default without option to disable.
    CVE-2018-11091 Intel: Yes Enabled by default.

    See ADV190013 for more information and this KB article for applicable registry key settings.
    CVE-2018-12126 Intel: Yes Enabled by default.

    See ADV190013 for more information and this KB article for applicable registry key settings.
    CVE-2018-12127 Intel: Yes Enabled by default.

    See ADV190013 for more information and this KB article for applicable registry key settings.
    CVE-2018-12130 Intel: Yes Enabled by default.

    See ADV190013 for more information and this KB article for applicable registry key settings.

    Note: Enabling mitigations that are off by-default may affect performance. The actual performance effect depends on multiple factors, such as the specific chipset in the device and the workloads that are running.

    Registry settings

    We are providing the following registry information to enable mitigations that are not enabled by default, as documented in Security Advisories ADV180002 and ADV180012. Additionally, we are providing registry key settings for users who want to disable the mitigations that are related to CVE-2017-5715 and CVE-2017-5754 for Windows clients.

    Important: This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, see the following article in the Microsoft Knowledge Base:

    Refer to KB 322756 "How to back up and restore the registry in Windows"

    Manage mitigations for CVE-2017-5715 (Spectre Variant 2) and CVE-2017-5754 (Meltdown)

    Important note: Retpoline is enabled by default on Windows 10, version 1809devices if Spectre, Variant 2 (CVE-2017-5715) is enabled. Enabling Retpoline on the latest version of Windows 10 may enhance performance on devices running Windows 10, version 1809 for Spectre variant 2, particularly on older processors.

    To enable default mitigations for CVE-2017-5715 (Spectre Variant 2) and CVE-2017-5754 (Meltdown)
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
    Restart the computer for the changes to take effect.

    To disable mitigations for CVE-2017-5715 (Spectre Variant 2) and CVE-2017-5754 (Meltdown)
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 3 /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
    Restart the computer for the changes to take effect.

    Note: A value of 3 is accurate for FeatureSettingsOverrideMask for both the "enable" and "disable" settings. (See the "FAQ" section for more details about registry keys.)

    Manage mitigation for CVE-2017-5715 (Spectre Variant 2)

    To disable mitigations for CVE-2017-5715 (Spectre Variant 2):
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 1 /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
    Restart the computer for the changes to take effect.

    To enable default mitigations for CVE-2017-5715 (Spectre Variant 2) and CVE-2017-5754 (Meltdown):
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
    Restart the computer for the changes to take effect.

    AMD and ARM processors only: Enable full mitigation for CVE-2017-5715 (Spectre Variant 2)

    By default, user-to-kernel protection for CVE-2017-5715 is disabled for AMD and ARM CPUs. Customers must enable the mitigation to receive additional protections for CVE-2017-5715. For more information, see FAQ #15 in ADV180002 for AMD processors and FAQ #20 in ADV180002 for ARM processors.

    Enable user-to-kernel protection on AMD and ARM processors together with other protections for CVE 2017-5715:
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 64 /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
    Restart the computer for the changes to take effect.

    Manage mitigations for CVE-2018-3639 (Speculative Store Bypass), CVE-2017-5715 (Spectre Variant 2), and CVE-2017-5754 (Meltdown)

    To enable mitigations for CVE-2018-3639 (Speculative Store Bypass), default mitigations for CVE-2017-5715 (Spectre Variant 2) and CVE-2017-5754 (Meltdown):
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 8 /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
    Restart the computer for the changes to take effect.
    Note: AMD processors are not vulnerable to CVE-2017-5754 (Meltdown). This registry key is used in systems with AMD processors to enable default mitigations for CVE-2017-5715 on AMD processors and the mitigation for CVE-2018-3639.

    To disable mitigations for CVE-2018-3639 (Speculative Store Bypass) *and* mitigations for CVE-2017-5715 (Spectre Variant 2) and CVE-2017-5754 (Meltdown)
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 3 /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
    Restart the computer for the changes to take effect.

    AMD processors only: Enable full mitigation for CVE-2017-5715 (Spectre Variant 2) and CVE 2018-3639 (Speculative Store Bypass)

    By default, user-to-kernel protection for CVE-2017-5715 is disabled for AMD processors. Customers must enable the mitigation to receive additional protections for CVE-2017-5715. For more information, see FAQ #15 in ADV180002.

    Enable user-to-kernel protection on AMD processors together with other protections for CVE 2017-5715 and protections for CVE-2018-3639 (Speculative Store Bypass):
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 72 /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
    Restart the computer for the changes to take effect.

    Manage Microarchitectural Data Sampling (CVE-2018-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130) along with Spectre (CVE-2017-5753 & CVE-2017-5715) and Meltdown (CVE-2017-5754) variants, including Speculative Store Bypass Disable (SSBD) (CVE-2018-3639) as well as L1 Terminal Fault (L1TF) (CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646)

    To enable mitigations for Microarchitectural Data Sampling (CVE-2018-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130) along with Spectre (CVE-2017-5753 & CVE-2017-5715) and Meltdown (CVE-2017-5754) variants, including Speculative Store Bypass Disable (SSBD) (CVE-2018-3639) as well as L1 Terminal Fault (L1TF) (CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646) without disabling Hyper-Threading:
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 72 /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

    [UPDATED 5/24] If the Hyper-V feature is installed, add the following registry setting:
    reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f

    If this is a Hyper-V host and the firmware updates have been applied: Fully shut down all Virtual Machines. This enables the firmware-related mitigation to be applied on the host before the VMs are started. Therefore, the VMs are also updated when they're restarted.

    Restart the computer for the changes to take effect.

    To enable mitigations for Microarchitectural Data Sampling (CVE-2018-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130) along with Spectre (CVE-2017-5753 & CVE-2017-5715) and Meltdown (CVE-2017-5754) variants, including Speculative Store Bypass Disable (SSBD) (CVE-2018-3639) as well as L1 Terminal Fault (L1TF) (CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646) with Hyper-Threading disabled:
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 8264 /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

    [UPDATED 5/24] If the Hyper-V feature is installed, add the following registry setting:
    reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f

    If this is a Hyper-V host and the firmware updates have been applied: Fully shut down all Virtual Machines. This enables the firmware-related mitigation to be applied on the host before the VMs are started. Therefore, the VMs are also updated when they're restarted.

    Restart the computer for the changes to take effect.

    To disable mitigations for Microarchitectural Data Sampling (CVE-2018-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130) along with Spectre (CVE-2017-5753 & CVE-2017-5715) and Meltdown (CVE-2017-5754) variants, including Speculative Store Bypass Disable (SSBD) (CVE-2018-3639) as well as L1 Terminal Fault (L1TF) (CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646):
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 3 /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
    Restart the computer for the changes to take effect.

    Verifying that protections are enabled

    To help customers verify that protections are enabled, Microsoft has published a PowerShell script that customers can run on their systems. Install and run the script by running the following commands.

    PowerShell verification by using the PowerShell Gallery (Windows Server 2016 or WMF 5.0/5.1)
    Install the PowerShell Module:
    PS> Install-Module SpeculationControl

    Run the PowerShell module to verify that protections are enabled:
    PS> # Save the current execution policy so it can be reset
    PS> $SaveExecutionPolicy = Get-ExecutionPolicy
    PS> Set-ExecutionPolicy RemoteSigned -Scope Currentuser
    PS> Import-Module SpeculationControl
    PS> Get-SpeculationControlSettings
    PS> # Reset the execution policy to the original state
    PS> Set-ExecutionPolicy $SaveExecutionPolicy -Scope Currentuser

    PowerShell Verification by using a download from Technet (earlier operating system versions and earlier WMF versions)
    Install the PowerShell Module from Technet ScriptCenter:
    Go to https://aka.ms/SpeculationControlPS
    Download SpeculationControl.zip to a local folder.
    Extract the contents to a local folder, for example C:\ADV180002

    Run the PowerShell module to verify that protections are enabled:
    Start PowerShell, then (by using the previous example) copy and run the following commands:
    PS> # Save the current execution policy so it can be reset
    PS> $SaveExecutionPolicy = Get-ExecutionPolicy
    PS> Set-ExecutionPolicy RemoteSigned -Scope Currentuser
    PS> CD C:\ADV180002\SpeculationControl
    PS> Import-Module .\SpeculationControl.psd1
    PS> Get-SpeculationControlSettings
    PS> # Reset the execution policy to the original state
    PS> Set-ExecutionPolicy $SaveExecutionPolicy -Scope Currentuser

    For a detailed explanation of the output of the PowerShell script, please see Knowledge Base article 4074629.

    Frequently asked questions...


    Read more:


    See also:

    Microsoft is making available Intel-validated microcode updates that are related to Spectre Variant 3a (CVE-2018-3640: "Rogue System Register Read (RSRE)"), Spectre Variant 4 (CVE-2018-3639: "Speculative Store Bypass (SSB)"), and L1TF (CVE-2018-3620, CVE-2018-3646: "L1 Terminal Fault").

    Microsoft is making available Intel-validated microcode updates that are related to Microarchitectural Data Sampling (CVE-2019-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130).
    Brink's Avatar Posted By: Brink
    14 May 2019


  1. DJG
    Posts : 509
    Windows 10 Pro x64 22H2 19045.4239
       New #1

    I take it we need new BIOS code from ASUS for the MDS mitigation. Here's what I currently have for my X99 Strix Gaming:
    Windows client guidance for IT Pros to protect against speculative-speculative.png
      My Computer
    Quote Quote

  3. Ground Sloth
    Posts : 349
    Windows 10
       New #2

    Why did Microsoft only release new microcode updates from Intel for older versions of WIndows 10?

    In any case, it sounds like the mitigations against the Microarchitectural Data Sampling side-channel vulnerabilities basically don't work with Hyper-Threading enabled.
      My Computer
    Quote Quote

  4. Cliff S
    Posts : 27,180
    Win11 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
       New #3

    See also: Intel Side Channel Vulnerability MDS

    On May 14, 2019, Intel and other industry partners shared details and information about a new group of vulnerabilities collectively called Microarchitectural Data Sampling (MDS).

    First identified by Intel’s internal researchers and partners, and independently reported to Intel by external researchers, MDS is a sub-class of previously disclosed speculative execution side channel vulnerabilities and is comprised of four related techniques. Under certain conditions, MDS provides a program the potential means to read data that program otherwise would not be able to see. MDS techniques are based on a sampling of data leaked from small structures within the CPU using a locally executed speculative execution side channel. Practical exploitation of MDS is a very complex undertaking. MDS does not, by itself, provide an attacker with a way to choose the data that is leaked.

    MDS is addressed in hardware starting with select 8th and 9th Generation Intel® Core™ processors, as well as the 2nd Generation Intel® Xeon® Scalable processor family. More details can be found here. We expect all future Intel® processors include hardware mitigations addressing these vulnerabilities.


    Assessing Risk

    Exploiting the MDS vulnerabilities outside the controlled conditions of a research environment is a complex undertaking. MDS vulnerabilities have been classified as low to medium severity per the industry standard CVSS, and it’s important to note that there are no reports of any real world exploits of these vulnerabilities.

    As technologies become more and more complex, we believe it takes the ecosystem working together to keep products and data more secure. We appreciate the research community and our industry partners for their contributions and coordinated disclosure of these issues.
      My Computers
    Quote Quote

  6. DJG
    Posts : 509
    Windows 10 Pro x64 22H2 19045.4239
       New #4

    Good info, Cliff S!
      My Computer
    Quote Quote

  7. Ground Sloth
    Posts : 349
    Windows 10
       New #5

    Contrary to what Intel is saying, the researchers who discovered one of these new vulnerabilities claim that 9th-generation Core processors are actually even more vulnerable.

    Fallout exploits a fourth vulnerability in Intel CPUs to leak data from Store Buffers, which is used when a CPU pipeline needs to store any type of data. This attack works against the Kernel Address Space Layout Randomization (KASLR) protection against memory corruption bugs.

    The attack was developed by researchers at the University of Michigan, the University of Adelaide, Worcester Polytechnic Institute, Data61, Graz Institute of Applied Information Processing and Communications (IAIK), and the Catholic University in Leuven (KU Leuven).

    The researchers say that the threat actor running a Fallout attack can choose the type of data to leak from the CPU's Store buffer.

    Fallout also impacts modern Intel processors, including those of the 9th generation, which include in-silicon mitigations for Meltdown.

    This protection, however, "makes them more vulnerable to Fallout, compared to older generation hardware," say the developers of the attack.

    New RIDL and Fallout Attacks Impact All Modern Intel CPUs
      My Computer
    Quote Quote

  8. Cliff S
    Posts : 27,180
    Win11 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
       New #6

    @Brink one more to add to the list "Read more": https://portal.msrc.microsoft.com/en...sory/adv190013
      My Computers
    Quote Quote

  9. MikeMecanic
    Posts : 1,079
    10 + Linux
       New #7

    Busy Day For Intel Processors 20190514


    New patch (May 14th) and new cmd line to check MDS vulnerability:

    Code:
    cat  /sys/devices/system/cpu/vulnerabilities/mds
Not affected

uname -a
Linux kerenl 5.1.2-050102-generic #201905141830 SMP Tue May 14 18:33:14 UTC 2019 x86_64 GNU/Linux
    LKML: Greg KH: Linux 5.1.2

    << ...So don't think you are done updating your kernel, you never are done with that>>
      My Computer
    Quote Quote

  10. Brink
    Posts : 68,840
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       New #8

    Cliff S said:
    @Brink one more to add to the list "Read more": https://portal.msrc.microsoft.com/en...sory/adv190013
      My Computers
    Quote Quote

  12. Brink
    Posts : 68,840
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       New #9

    How to test MDS (Zombieload) patch status on Windows systems | ZDNet

    Same from Verifying that protections are enabled section in first post.
      My Computers
    Quote Quote

 

  Related Discussions
Read more: https://support.microsoft.com/en-us/help/4073119/windows-client-guidance-for-it-pros-to-protect-against-speculative-exe See also: Understanding performance impact of Spectre and Meltdown mitigations - Windows 10 Forums Protect...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 12:57.
Find Us




Windows 10 Forums